Capturing Variability of Law with Nómos 2

  • Alberto Siena
  • Ivan Jureta
  • Silvia Ingolfo
  • Angelo Susi
  • Anna Perini
  • John Mylopoulos
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7532)


Regulatory compliance is increasingly viewed as an essential element of requirements engineering. Laws, but also regulations and policies, frame their provisions through complex structures made of conditions, derogations, exceptions, which together generate a high number of alternative compliance solutions. This paper addresses the problem of modeling, exploring and selecting among alternatives in a variability space defined by laws. Our proposal includes a conceptual modeling framework for laws and reasoning techniques, called Nòmos 2. The proposal is evaluated with a fragment of the Health Insurance Portability and Accountability Act (HIPAA).


requirement engineering variability regulatory compliance 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Siena, A., Mylopoulos, J., Perini, A., Susi, A.: Designing Law-Compliant Software Requirements. In: Laender, A.H.F., Castano, S., Dayal, U., Casati, F., de Oliveira, J.P.M. (eds.) ER 2009. LNCS, vol. 5829, pp. 472–486. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  2. 2.
    Giorgini, P., Mylopoulos, J., Nicchiarelli, E., Sebastiani, R.: Formal Reasoning Techniques for Goal Models. In: Spaccapietra, S., March, S., Aberer, K. (eds.) Journal on Data Semantics I. LNCS, vol. 2800, pp. 1–20. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  3. 3.
    Sebastiani, R., Giorgini, P., Mylopoulos, J.: Simple and Minimum-Cost Satisfiability for Goal Models. In: Persson, A., Stirna, J. (eds.) CAiSE 2004. LNCS, vol. 3084, pp. 20–35. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  4. 4.
    Bresciani, P., Perini, A., Giorgini, P., Giunchiglia, F., Mylopoulos, J.: Tropos: An agent-oriented software development methodology. Autonomous Agents and Multi-Agent Systems 8(3), 203–236 (2004)CrossRefGoogle Scholar
  5. 5.
    van Lamsweerde, A.: Requirements Engineering: From System Goals to UML Models to Software Specifications. Wiley (2009)Google Scholar
  6. 6.
    Darimont, R., Lemoine, M.: Goal-oriented analysis of regulations. In: Laleau, R., Lemoine, M. (eds.) CAiSE 2006. CEUR Workshop Proceedings,, vol. 241 (2006)Google Scholar
  7. 7.
    Ghanavati, S., Amyot, D., Peyton, L.: Towards a Framework for Tracking Legal Compliance in Healthcare. In: Krogstie, J., Opdahl, A.L., Sindre, G. (eds.) CAiSE 2007 and WES 2007. LNCS, vol. 4495, pp. 218–232. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  8. 8.
    Rifaut, A., Dubois, E.: Using goal-oriented requirements engineering for improving the quality of iso/iec 15504 based compliance assessment frameworks. In: Proceedings of RE 2008, pp. 33–42. IEEE Computer Society, Washington, DC (2008)Google Scholar
  9. 9.
    Dinesh, N., Joshi, A., Lee, I., Sokolsky, O.: Reasoning about Conditions and Exceptions to Laws in Regulatory Conformance Checking. In: van der Meyden, R., van der Torre, L. (eds.) DEON 2008. LNCS (LNAI), vol. 5076, pp. 110–124. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  10. 10.
    Sartor, G.: The structure of norm conditions and nonmonotonic reasoning in law. In: Proceedings of the 3rd International Conference on Artificial Intelligence and Law, ICAIL 1991, pp. 155–164. ACM, New York (1991)CrossRefGoogle Scholar
  11. 11.
    Boella, G., Governatori, G., Rotolo, A., van der Torre, L.: Lex Minus Dixit Quam Voluit, Lex Magis Dixit Quam Voluit: A Formal Study on Legal Compliance and Interpretation. In: Casanovas, P., Pagallo, U., Sartor, G., Ajani, G. (eds.) AICOL-II/JURIX 2009. LNCS, vol. 6237, pp. 162–183. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  12. 12.
    Kiyavitskaya, N., Zeni, N., Breaux, T.D., Antón, A.I., Cordy, J.R., Mich, L., Mylopoulos, J.: Automating the Extraction of Rights and Obligations for Regulatory Compliance. In: Li, Q., Spaccapietra, S., Yu, E., Olivé, A. (eds.) ER 2008. LNCS, vol. 5231, pp. 154–168. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  13. 13.
    Breaux, T., Antón, A.: Analyzing regulatory rules for privacy and security requirements. IEEE Trans. Softw. Eng. 34, 5–20 (2008)CrossRefGoogle Scholar
  14. 14.
    May, M.J., Gunter, C.A., Lee, I.: Privacy apis: Access control techniques to analyze and verify legal privacy policies. In: Proceedings of the 19th IEEE Workshop on Computer Security Foundations, pp. 85–97. IEEE Computer Society, Washington, DC (2006)CrossRefGoogle Scholar
  15. 15.
    Biagioli, C., Francesconi, E., Passerini, A., Montemagni, S., Soria, C.: Automatic semantics extraction in law documents. In: Proceedings of the 10th International Conference on Artificial Intelligence and Law, ICAIL 2005, pp. 133–140. ACM, New York (2005)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Alberto Siena
    • 1
  • Ivan Jureta
    • 2
  • Silvia Ingolfo
    • 1
  • Angelo Susi
    • 3
  • Anna Perini
    • 3
  • John Mylopoulos
    • 1
  1. 1.University of TrentoTrentoItaly
  2. 2.University of NamurNamurBelgium
  3. 3.FBK-IrstTrentoItaly

Personalised recommendations